Commit graph

1005 commits

Author SHA1 Message Date
Pere Lev
6e8cedadd1
Client: Fix bug: Invite target isn't addressed 2023-06-19 10:38:22 +03:00
Pere Lev
581838e550
Support the 6 ForgeFed roles + launch repo/deck/loom actor upon creation 2023-06-17 21:35:00 +03:00
Pere Lev
c8c2106eab
UI: In deck collaborator list, have a Remove button for each 2023-06-17 01:27:28 +03:00
Pere Lev
58518811e3
UI for publishing a Remove 2023-06-17 00:39:02 +03:00
Pere Lev
9673887479
C2S Remove handler 2023-06-17 00:28:35 +03:00
Pere Lev
7b64ab56b1
S2S Remove handlers for Person and Deck 2023-06-16 23:42:50 +03:00
Pere Lev
928ad8f9a9
UI in deck collaborators list, for adding a new collaborator 2023-06-16 20:12:40 +03:00
Pere Lev
aaa92d8141
UI for publishing an Invite 2023-06-16 17:39:11 +03:00
Pere Lev
ffb5dadac7
Link C2S handler with ClientMsg Person actor handler & port inviteC 2023-06-16 17:15:15 +03:00
Pere Lev
a683185918
Actor system: Add support for C2S actor methods 2023-06-15 20:23:50 +03:00
Pere Lev
d33f272ede
Switch to converged handlers than handle both local and remote activities
I was writing a topicLocalInvite handler when I realized how cumbersome
it's becoming, to have separate handlers for local activities. While it
allows me to pick custom specific message names and parameters (which is
why I took that approach in the first place), it causes a lot of
duplication and complexity (because I have to write the remote-activity
handlers anyway; adding local ones doesn't reduce complexity).

So this commit switches the entire system to communicate only using
AP/FF activities, including between local actors.
2023-06-15 15:44:43 +03:00
Pere Lev
d5d6b0af61
On app start, launch only verified Persons 2023-06-10 10:56:02 +03:00
Pere Lev
a41356c261
Upon account verification, launch the Person actor 2023-06-10 10:51:01 +03:00
Pere Lev
59e99f405a
Deck: Port Join handler 2023-06-09 09:40:10 +03:00
Pere Lev
85f77fcac4
Deck: Port Invite handler 2023-06-08 15:38:09 +03:00
Pere Lev
9955a3c0ad
Deck: Port/write Accept, Reject, Follow, Undo 2023-06-07 10:15:30 +03:00
Pere Lev
d467626049
Person: Implement (trivial) Revoke handler 2023-06-05 12:38:08 +03:00
Pere Lev
b4ebd08c5a
Person: Port Undo{Follow} handler 2023-06-05 11:34:58 +03:00
Pere Lev
552ef760e6
Person: Port Reject{Follow} handler 2023-06-05 10:03:20 +03:00
Pere Lev
9b0622cd7a
Person: Port the Accept{Follow} handler 2023-06-05 09:43:28 +03:00
Pere Lev
b759b87d0f
Person: Implement (the quite trivial) Join handler 2023-05-30 22:21:51 +03:00
Pere Lev
4d8e5de8b8
Person: Port Invite and Follow handlers to new system 2023-05-30 22:02:11 +03:00
Pere Lev
cc135692c0
Web.ActivityPub: Add Grant 'allows' & 'delegates' fields 2023-05-30 14:34:37 +03:00
Pere Lev
621275e257
Verify integrity proof on remote activities coming into local inboxes
Limitations:

- Only jcs-eddsa-2022 is supported for now, can add more easily if
  needed
- Not verifying forwarded local activities, only remotely-authored ones
- Fetching key and actor with HTTP without using the DB cache, because
  the current cache system is deprecated and I haven't yet created the
  new one
2023-05-30 12:51:41 +03:00
Pere Lev
e8e587af26
Generate FEP-8b32 authenticity proofs when delivering activities
Limitations:

- Verification of proofs not implemeneted yet, just generation.
  Verification probably coming in the next commit.
- Only jcs-eddsa-2022 is supported. Can add more cryptosuites once
  they're updated for the requirements of the VC Data Integrity spec.
- Bug: The proofs aren't stored in the DB versions of outgoing activities, i.e.
  HTTP GETing an activity won't include the proof. Probably not urgent
  to fix. Ideally, change the whole PersistJSONObject/Envelope/etc.
  thing to allow to serialize the activity exactly once.
2023-05-30 09:48:21 +03:00
Pere Lev
ba02d62eb5
Web.ActivityPub: Add Grant startTime and endTime 2023-05-29 10:47:41 +03:00
Pere Lev
a22aeb85d0
Web.ActivityPub: Add grantResult field, with optional duration 2023-05-29 09:50:17 +03:00
Pere Lev
906b5e8f44
Update docs for darcs->git switch, and switch from darcs-rev to gitrev 2023-05-25 13:55:56 +03:00
fr33domlover
6786e2e0e1 Implement theater-based remote delivery and port personGrant 2023-05-24 22:17:14 +00:00
fr33domlover
c9db823c8c Implement actor-model system and start moving Person actor to it
This patch makes Vervis temporarily unusable, because all actors' inbox POST
handlers use the new system, but the actual federation handler code hasn't been
ported. The next patches will port all the S2S activities supported so far, as
well as C2S.
2023-04-29 10:40:44 +00:00
fr33domlover
72796a6bdc UI, S2S: Implement Join flow in S2S + deck devs page now lists join requests 2022-11-14 15:11:25 +00:00
fr33domlover
e4d7156cbc S2S: Implement repoUndoF, loomUndoF, personUndoF 2022-10-31 14:13:18 +00:00
fr33domlover
9b158c13cd S2S: Implement deckUndoF 2022-10-27 16:27:58 +00:00
fr33domlover
934c69daae UI, S2S: Re-implement and re-enable Push activity
- When pushing to a repo, a Push activity is now automatically published
- The 'actor' is now the repo, and 'attributedTo' specifies the person who
  pushed
- No need for 'context' in the Push anymore, since it's always the 'actor'
- 'target' now specifies the branch as a Branch object rather than URI (since
  Vervis doesn't keep AS2 objects for branches anymore)
- I deleted 'pushCommitsC' (from Vervis.API) because the code for preparing and
  pushing an activity is so simple with the new delivery API, doesn't need a
  dedicated pushCommitsC function
- The generated Push activity does generate an HTML summary, unlike all other
  generated activities (in which I removed the summary generating code); I'm
  still unsure whether to bring back those summaries (extra code to write, for
  a problematic feature that may become useless when the new UI comes)
2022-10-26 10:47:38 +00:00
fr33domlover
340d1eacb1 S2S: loomFollowF & repoFollowF 2022-10-26 05:25:44 +00:00
fr33domlover
ee3548a940 S2S: Re-implement and re-enable deckFollowF 2022-10-25 19:02:07 +00:00
fr33domlover
648204ef80 S2S: Implement loomResolveF, allowing to close MR without Applying 2022-10-25 18:49:19 +00:00
fr33domlover
756c2952f2 S2S: Re-implement and re-enable personFollowF 2022-10-25 18:02:06 +00:00
fr33domlover
f76e80c028 S2S: Re-implement and re-enable deckResolveF 2022-10-25 16:12:48 +00:00
fr33domlover
8f8354ea5e C2S: Re-implement and enable resolveC, followC, undoC 2022-10-25 04:54:56 +00:00
fr33domlover
fa7f765e2e DB: Remote Ticket.status field 2022-10-20 15:41:47 +00:00
fr33domlover
fdf6a83c40 DB, UI: Prepare DB schema for Join flow + display deck collaborators & invites 2022-10-20 12:53:54 +00:00
fr33domlover
eb342b47ed DB: Move new entity declarations to a new module Vervis.Migration.Entities 2022-10-19 09:06:38 +00:00
fr33domlover
6407aaf897 DB: Avoid bulk-selecting specific-actor records
When looking up a specfic actor record for a given ActorId, you're pretty much
guaranteed to find the actor if it exists, because there's 1 function in the
codebase that handles this. Whenever a new actor type is added, which is a rare
event, that function gets updated.

But when mass-selecting actors using Esqueleto? Then, you need to LeftOuterJoin
by yourself on each actor type. This is both ugly and error prone, because all
those places in the codebase need to be updated when adding an actor type. The
only downside is that it means O(n) DB queries instead of O(1).

Perhaps there's some elegant way to "add" the specific-actor Joins to a given
Esqueleto query. Something to do some other time, as an optimization, if the
need arises.
2022-10-18 16:05:33 +00:00
fr33domlover
118b787416 UI: New ticket/MR creation form + deck/loom navigation links 2022-10-17 15:08:00 +00:00
fr33domlover
d8c65930ca UI, DB: Switch ticket filter to use TicketResolve instead of TicketStatus 2022-10-16 23:44:16 +00:00
fr33domlover
7ddb79d78d DB: If no workflow exists, add a dummy one 2022-10-16 23:42:41 +00:00
fr33domlover
e638ff4117 UI: In ticket/MR pages, display when and by whom the ticket was resolved 2022-10-16 22:25:21 +00:00
fr33domlover
58ca5e998e UI: Redirect DeckR to DeckTicketsR 2022-10-16 22:24:41 +00:00
fr33domlover
b99d864429 UI, Web: Re-enable ticket/MR replies view and commenting forms/buttons 2022-10-16 20:34:00 +00:00
fr33domlover
d5e913d97a S2S: Implement loomCreateNoteF 2022-10-16 12:24:41 +00:00
fr33domlover
2e7f9ef5e6 S2S: Re-enable deckCreateNoteF 2022-10-16 12:14:30 +00:00
fr33domlover
71bceec18b C2S, S2S: Re-enable createNoteC and personCreateNoteF 2022-10-16 11:26:24 +00:00
fr33domlover
8424c76de7 Link to per-actor keys from actor documents
Per-actor keys are now fully supported in Vervis! Caveats:

- The HTTP Signature keys produced by Vervis are Ed25519 keys; software that
  expects only RSA keys will fail here
- Like instance keys, per-actor keys are currently served in separate
  documents, not embedded in the actor document; so software that expects
  embedded keys will fail here
2022-10-12 18:01:52 +00:00
fr33domlover
32c87e3839 Improve the AP async HTTP delivery API and per-actor key support
New iteration of the ActivityPub delivery implementation and interface.
Advantages over previous interface:

* When sending a ByteString body, the sender is explicitly passed as a
  parameter instead of JSON-parsing it out of the ByteString
* Clear 3 operations provided: Send, Resend and Forward
* Support for per-actor keys
* Actor-type-specific functions (e.g. deliverRemoteDB_D) removed
* Only the most high-level API is exposed to Activity handler code, making
  handler code more concise and clear

Also added in this patch:

* Foundation for per-actor key support
* 1 key per actor allowed in DB
* Disabled C2S and S2S handlers now un-exported for clarity
* Audience and capability parsing automatically done for all C2S handlers
* Audience and activity composition automatically done for Vervis.Client
  builder functions

Caveats:

* Actor documents still don't link to their per-actor keys; that should be the
  last piece to complete per-actor key support
* No moderation and anti-spam tools yet
* Delivery API doesn't yet have good integration of persistence layer, e.g.
  activity is separately encoded into bytestring for DB and for HTTP; this will
  be improved in the next iteration
* Periodic delivery now done in 3 separate steps, running sequentially; it
  simplifies the code, but may be changed for efficiency/robustness in the next
  iterations
* Periodic delivery collects per-actor keys in a
  1-DB-transaction-for-each-delivery fashion, rather than grabbing them in the
  big Esqueleto query (or keeping the signed output in the DB; this isn't done
  currently to allow for smooth actor key renewal)
* No support yet in the API for delivery where the actor key has already been
  fetched, rather than doing a DB transaction to grab it; such support would be
  just an optimization, so it's low-priority, but will be added in later
  iterations
2022-10-12 16:50:11 +00:00
fr33domlover
0cc1e20f85 UX: Don't redirect to referer after login
It causes first login after verification to redirect to registration page,
which is weird, and the default Yesod falue is False, so, switching back to
False
2022-09-28 14:10:20 +00:00
fr33domlover
861d7636bc UX: Don't require login for verifying email address 2022-09-28 14:09:10 +00:00
fr33domlover
0d1de1278b UI: Add settings option to change main UI color 2022-09-28 06:03:43 +00:00
fr33domlover
84b70aa7b3 UI: If MR is applied, don't do the canApply check and display "RESOLVED" 2022-09-27 18:11:13 +00:00
fr33domlover
088d166d13 Fix infinite loop in getBundleR 2022-09-27 18:08:59 +00:00
fr33domlover
c5b85d11a9 UI: Since getLoomR doesn't have UI, redirect to LoomClothsR 2022-09-27 10:52:31 +00:00
fr33domlover
587ae5e8cc Fix query error in getTicketSummaries 2022-09-27 10:49:32 +00:00
fr33domlover
ceb0d951c1 UI: Personal overview: List your repos, decks, looms 2022-09-27 08:04:55 +00:00
fr33domlover
323de5b114 UI, Doc: Update Vervis repo links, because the route structure changed 2022-09-27 04:49:17 +00:00
fr33domlover
ee26ef7b82 UI: Actor outbox view: Render URI from route instead of parsing JSON for @id 2022-09-26 14:20:21 +00:00
fr33domlover
7429345cc0 If an outbox item is missing an @id, display whole activity in error message 2022-09-26 13:52:01 +00:00
fr33domlover
a96fcb8835 PostReceiveR hook handler: Don't raise error, otherwise VCS push fails 2022-09-26 13:31:24 +00:00
fr33domlover
482e2e806e DB: Migration: When switching repos dir to new layout, remove old sharer dirs 2022-09-26 13:27:16 +00:00
fr33domlover
6b0783a10b DB: Migration: Fix error in mig 447, accidentally creation CollabTopicLocal
Repo/Loom/Deck created one in their migrations, but CollabTopicAccept isn't
itself a topic, it's just a helper, so it needs to *find* the relevant
CollabTopicLocal rather than create a new one.
2022-09-26 13:12:44 +00:00
fr33domlover
cc9facdf5a UI: Tweak and re-enable UI for uploading personal SSH keys 2022-09-26 12:51:06 +00:00
fr33domlover
206d140b95 DB: Migration: Check for surprisingly named foreign constraints, fail if found
Because finding them may be a sign of undetected error in the migration plan,
so it's best to stop and find it
2022-09-26 12:48:21 +00:00
fr33domlover
1d2a251c13 DB: Fix typo in DB migration 2022-09-26 06:55:23 +00:00
fr33domlover
6d0eab24d1 UI: Define nav breadcrumbs for all routes 2022-09-26 06:54:16 +00:00
fr33domlover
ab105cb604 Crypto: PersistField instance for ActorKey, preparing to support per-actor keys
Like the KeyFile instance, it stores just the secret key, in a plain
ByteString, and generates the public key from it when decoding from the DB
2022-09-25 12:29:53 +00:00
fr33domlover
f10655f2c1 Client, UI: "Apply" button for local MRs & PublishMergeR form for remote MRs 2022-09-24 21:15:40 +00:00
fr33domlover
ba6f22b94b S2S: Implement loomApplyF (remote person asking to apply bundle on local loom) 2022-09-24 15:46:02 +00:00
fr33domlover
be95f15b21 C2S: Implement applyC (apply a patch/MR to a repo/branch)
Both Git and Darcs are supported

- Darcs implementation applies right on the bare repo, I haven't tested to make
  sure it works right (federated MR demo is going to be only for Git)
- Git implementation clones to temporary repo, runs `git am` on it to apply,
  then pushes to the real bare repo (because `git am` doesn't work on bare
  repos; I haven't tested yet to see how it handles conflicts; cloning and
  pushing should be efficient since the refs are just hardlinked rather than
  copied)
2022-09-24 09:04:10 +00:00
fr33domlover
b5adfce971 S2S: loomOfferTicketF, open MR sent by remote author 2022-09-23 15:59:21 +00:00
fr33domlover
ef8e1c1108 S2S: deckOfferTicketF (i.e. local deck receives ticket from remote author) 2022-09-23 15:58:54 +00:00
fr33domlover
0d922b0e5a Client, UI: Git merge request submission form 2022-09-23 05:20:39 +00:00
fr33domlover
9cb90c58c0 DB: Remember whether a Bundle came from person input or auto-generated 2022-09-22 17:23:33 +00:00
fr33domlover
de51fb9ab5 C2S: offerTicketC: If origin provided but not bundle, generate patches from git
For now it's implemented only for Git:

If tracker is a local loom, and a (local or remote) origin repo is specified,
but no patches are provided, then generate them ourselves!

* Clone the (local) target repo
* Add the (local or remote) origin repo as a git remote
* Make sure target branch is an ancestor of the origin branch
* Generate patches for the commits that origin adds on top of target
* Insert them into our DB
2022-09-22 17:12:37 +00:00
fr33domlover
2e7c5f767c Add 'cloneUri' to AP.Repo, publish in getRepoR, grab in offerTicketC
In offerTicketC it can be used for fetching commits from the remote origin
repo, by knowing its clone URI

Only HTTP clone URIs are supported for now, because it's enough for finishing
the federated MR implementation. Apparently user@host:path isn't a valid URI
and I'll later add a parser for that
2022-09-22 06:02:14 +00:00
fr33domlover
e7ab9e701c C2S: offerTicketC: Add VCS-type and patch-type consistency checks 2022-09-21 17:45:38 +00:00
fr33domlover
23b5343ec2 C2S: Enable offerTicketC for person inbox post handler 2022-09-21 14:22:36 +00:00
fr33domlover
de2e29d505 C2S: offerTicketC re-enabled and supporting looms and remote origin repo
What's missing:

- Match patch VCS, origin repo VCS and target repo VCS
- Hook into postPersonInboxR
- If only origin is provided, generate patches / otherwise somehow remember the
  commits proposed
2022-09-21 12:50:26 +00:00
fr33domlover
0b10056cc3 UI: getClothR: If a Bundle exists in DB, display list of its patches 2022-09-19 12:02:48 +00:00
fr33domlover
ffe68390e5 UI: getBundleR: Display list of old versions and list of patches 2022-09-19 11:40:08 +00:00
fr33domlover
dae8554a12 UI: getPatchR: Display diff-syntax-highlighted patch content file 2022-09-19 11:00:47 +00:00
fr33domlover
5673340bd1 UI: Display origin and target repos in getClothR HTML 2022-09-18 17:37:25 +00:00
fr33domlover
9906231d04 DB, Web: Allow origin repo for Cloths, mention in getClothR JSON 2022-09-18 15:55:42 +00:00
fr33domlover
9deba96cf2 UI: Serve HTML in getClothR, copied from getTicketR 2022-09-18 07:44:00 +00:00
fr33domlover
1e2b3d2006 UI: HTML version for getLoomClothsR, copied from getDeckTicketsR 2022-09-17 19:17:11 +00:00
fr33domlover
1db56ced39 UI: Re-enable ticket page, some pieces still missing, mostly buttons 2022-09-17 17:42:04 +00:00
fr33domlover
e69d775f3f UI: Fix and re-enable deck ticket list view 2022-09-17 10:14:27 +00:00
fr33domlover
c495d78d05 C2S, UI: Loom creation and Repo linking to a Loom
RepoSourceR, for a repo that doesn't have a loom, lists looms that want to
serve that repo with buttons for bidirectionally linking the repo to a loom

Once linked, the repo navbar has a Patches/MRs link pointing to the LoomClothsR
of the linked Loom
2022-09-17 08:31:22 +00:00
fr33domlover
1c8c6d9d24 UI: In RepoSourceR page, mention SSH clone address 2022-09-16 14:04:24 +00:00
fr33domlover
40f741e504 UI: Fix and re-enable getRepoSourceR (repo content file/dir browsing) 2022-09-16 13:47:10 +00:00
fr33domlover
b66bab4295 UI: Fix and re-enable getRepoCommitsR (i.e. repo history view) 2022-09-16 12:46:52 +00:00
fr33domlover
91cdbf51ab UI: Fix and re-enable getRepoCommitR 2022-09-16 11:41:58 +00:00